Getting "suite" on endpoint security

Symantec, McAfee, others push suites over standalone products. Page 13.

NEC hits sweet spot for mobile workers

Univerge  platform  brings  slick,  unified  view  of  all 
communications  out  to  mobile  users.  Page  25. 


virtualization software

VMware goes open source, while Citrix improves XenDesktop. Page 9.

Sprint's 4G exec on the need for speed

Todd Rowley, Sprint’s 4G/WiMAX business unit chief, talks about how the carrier will offer multi-megabit wireless data services over WiMAX. Page 10.


Rogue Firefox add-ons bring risks

Columnist Andreas Antonopoulos is increasingly concerned about Firefox add-ons. Especially the ones he didn't ask for. Page 17.


DIYer tries to ‘catch’ a wave with bare hands

BY TIM GREENE

Bruce Allen is perhaps the world’s best do-it-yourselfer.

When he needed a supercomputer to crunch the results of gravitational-wave research, he built one with his colleagues at the University of Wisconsin-Milwaukee.

That was in 1998, and since then he’s built three more supercomputers, all in pursuit of actually observing gravitational waves — they theoretically emanate from black holes orbiting each other and from exploding stars — that have never been directly observed.

See  Allen,  page  30 


Google execs on trial

Four Google executives are facing a criminal trial in Italy over their non-existent roles in the posting of a controversial video. Page 34.


■  SiCortex  is  trying 
to  bring  benefits  of 
high-performance 
computing  to  smaller 
enterprises  and 
research  groups,  with 
an  energy-efficiency 
twist.  Page  10. 


Microsoft  muscling  up 
for  assault  on  the  PBX 

OCS  R2  accelerates  move  of  voice  to  software 


BY  JOHN  FONTANA 

Nearly 16 months after launching its unified communications platform and taking aim at replacing the venerable PBX, Microsoft now has the technology in its Office Communications Server that could change corporate telecom forever.

With last week’s official release of OCS 2007 R2, Microsoft filled important gaps in its voice platform with a Session Initiation Protocol (SIP) trunking capability and a console for operator assisted call routing. The company also added conferencing enhancements and API improvements. SIP trunking lets OCS connect VoIP services directly to Internet telephony providers and eliminate the need for separate voice and data trunks.

Some advanced features are still missing from OCS’s voice side, such as 911 location services. But experts say Microsoft has laid down a solid foundation for corporate users, its own future voice developments and those of partners.

Microsoft, however, isn’t poised for a quick strike. Analysts say it could be a five-year evolutionary process that brings the company from its infancy in the telecom market to a top-tier position in enterprise voice alongside — or displacing — such giants as Alcatel/Lucent, Avaya, Cisco, NEC,
See Microsoft, page 16

Disclosure laws have provided a gold mine of data on the causes of data breaches and ways that you can avoid a costly incident at your company

NETWORK INFRASTRUCTURE

9  VMware,  Citrix  bolster  desktop 
virtualization. 

13 SPECIAL FOCUS: Getting "suite" on endpoint security.

13 Nagging NAC questions.

17 Opinion Andreas Antonopoulos: Rogue Firefox add-ons bring security risks.

34  Opinion  BackSpin:  Fixing  the 
privacy  joke. 

ENTERPRISE  COMPUTING 


COOL TOOLS

■ The BlackBerry Curve 8900 packs in features despite being the thinnest and lightest BlackBerry device ever. See Cool Tools, page 20.


GOODBADUGLY 

Nortel:  Bankruptcy  be  damned 

Nortel has signed up "hundreds" of new customers since filing for Chapter 11 bankruptcy protection three weeks ago. Customers are encouraged that Nortel can emerge from Chapter 11 as a stable, viable supplier with a stronger balance sheet, says the company’s Enterprise Solutions President Joel Hackney.

"We had questions whether customers were going to continue with the uncertainty, but I think our efforts in getting the message out have been fruitful and proof points are beginning to come in," he says. As an example, Hackney says Nortel has already shipped 1,000 Business Communications Manager 450 units since the product’s introduction last October.


10  Start-up  targets  supercomputing 
field. 

APPLICATION SERVICES

34 Opinion ’Net Buzz: Google execs on trial in Italy over a video.

SERVICE PROVIDERS

12 Sprint’s 4G guy: The need for speed.

14 Opinion Johna Till Johnson: The many flavors of carrier Ethernet.

17 Opinion Scott Bradner: Cox Communications attracting attention.

25  Clear  Choice  Test:  NEC  hits  sweet 
spot  for  mobile  workers. 


TECH  UPDATE 

18  Managing  application  services. 

20  Mark  Gibbs:  Building  a  wiki  with 
TiddlyWiki. 

20  Keith  Shaw:  BlackBerry  gets  thin 
with  the  8900. 

NETWORKWORLD.COM

6  Catch  up  on  the  latest  online  stories, 
blogs,  newsletters  and  video. 


Disclosure laws have provided a gold mine of data on the causes of data breaches and ways that you can avoid a costly incident at your company

PAGE  22 


Treasury  security 
shortcomings  cited 

Data  used  to  fight  money-laundering 
and  funding  for  terrorists  is  at  risk 
because  of  significant  security 
weaknesses  within  the  networks 
used  by  a  crime-fighting  arm  of  the 
U.S. Treasury Department, according
to a government study. The U.S.
General Accounting Office cites lax
authentication  and  access  controls, 
inadequate  encryption,  insufficient 
firewalling  and  inconsistent  I 
of  database  activity  as  prob 
that  the  Financial  Crimes 
Enforcement  Network 
address. 


San Francisco rogue IT administrator returns

The network administrator who was jailed for allegedly holding San Francisco’s city government network hostage has filed a $3 million claim against the city. Terry Childs made national headlines last year, when he was arrested after refusing to hand over the passwords he used to the wide area network that he managed for the city. Childs eventually did comply, giving the information to San Francisco Mayor Gavin Newsom, but he has remained in jail since his July 12 arrest, held on a $5 million bond. He faces seven years in prison if convicted. His $3 million claim for damages was filed with the city on Jan. 8.


Cisco layoffs possible or probable?

Re: Cisco is not ruling out layoffs (www.nwdocfinder.com/8639): 1,500 to 2,000 jobs will be realigned or restructured. In 2009 Cisco-speak, this means 1,500 to 2,000 current employees will be laid off — sorry, “part of a limited restructuring”. Some of those positions will be either outsourced or offshored. The former means contracted out, the latter means the intellectual property is sold off. In all cases, Cisco sheds the salaries and benefits of 1,500 to 2,000 workers. Security jobs are insecure.

Anonymous 

Discuss  at  www.nwdocfinder.com/8639 

Re: Researchers: IT security jobs largely untouched by economy (www.nwdocfinder.com/8640): I am a CISSP and CISA Certified consultant working in the Chicago market. Not only have I seen many fellow consultants as well as myself be subject to layoffs or other reductions in force, those who have managed to keep their positions have had drastic cuts in their billable rates. Why? The economy is what we are told, though I imagine it is just an excuse to reduce expenses to better align with the upper echelon bonus scheme.

For anyone to say the security industry is largely untouched means to me they are not polling the right people. I myself am on my fourth position in the past 10 months. One in California, one in Chicago, one in Texas and finally landing in Florida, all of which came after I was “RIFd” from a full-time job in Chicago, along with 22 other security staff, because of the economy. Our positions were filled in India.

ChicagoConsultant 

Discuss  at  www.nwdocfinder.com/8640 

New  antenna  not  needed 

Re: Winter not to blame for digital TV postponement (www.nwdocfinder.com/8641):

Winter has nothing to do with this. If you get good analog reception now, you don’t need a new antenna to receive broadcast DTV. The only item you might need is the converter box if you have an analog TV set, and that installs by your TV, not outside. Craig [Mathias] is pretty much on target as far as I’m concerned... just more incompetence.

JW 

Discuss  at  www.nwdocfinder.com/8641 

Treat  your  disk  right 

Re: Social engineering: Anatomy of a hack (www.nwdocfinder.com/8642): A lot of this type of activity will lead us more to real-time tape-based retrieval connected via channel cables to AS400s. Dick Cosby is fluent in this technology.

Anonymous 

The problem after hacker activity is restoring the data files to their previous pre-hack status. Dick Cosby has had specific involvement in recreating the disk files after the space shuttle Challenger disaster. I would think that rebuilding these files after a hack would be easy.

Anonymous 

Discuss  at  www.nwdocfinder.com/8642 

Go  crazy  for  acronyms 

Re: Does the job market push us towards multiple-CCxP? (www.nwdocfinder.com/8643):

I am one for diversity in the certifications — it increases your value to the company, gives you a total picture of the environment you are working in and allows for more interesting conversations at project time.

An example: I am an experienced professional with MCDBA, MCSA, CCNA and now pursuing the CCSP along with incident handling and forensics expertise. This has allowed me to save my employer several millions in expenditures and outsourcing since I work with a very professional group of engineers.

That said, it helps to at least have an AAS in business as more and more it is critical that you understand business and the impact of your technology decisions. As for CCIE — love it and would one day achieve it, but not at this time since the time necessary is not in my hands right now. Good luck.

Anonymous 

Discuss  at  www.nwdocfinder.com/8643 

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 492 Old Connecticut Path, Framingham, MA 01701-9002. Please include phone number and address for verification.




NETWORKWORLD

CEO: MIKE FRIEDENBERG

EXECUTIVE VICE PRESIDENT/GENERAL MANAGER: JOHN GALLANT
EDITOR IN CHIEF: JOHN DIX


4  •  FEBRUARY  9,  2009  •  www.networkworld.com 


■ Follow these links to more resources online


BLOGOSPHERE


■ Where to draw the line on Google. The Google Subnet blog reports: “Last week, the issue was Google’s StreetView and its tendency toward being a tool for both good and evil. This week, it's Google Latitude, and the argument is the same. While knowing where your colleagues or loved ones are at all times can be a comfort in some cases, the same tool in more nefarious hands can be anything but, as explained by Privacy International. Google keeps churning out these double-edged tools, but the question is: Where should we draw the line?”
www.nwdocfinder.com/8645

■ Windows 7 UAC fix doesn’t address UAC’s fatal flaw. Mitchell Ashley writes in his Converging on Microsoft blog: "Wow, that was a fast turnaround from Microsoft, something we’re definitely not used to. Microsoft quickly changed their position on the UAC notification default setting issue in Windows 7, due to the vulnerability two bloggers found where malware could change the notification setting on a compromised computer without the user’s knowledge. Rather than going back to the same setting Vista used, which would have created the Vista UAC nightmare all over again (resulting in users disabling UAC altogether), Windows 7 will require user prompting whenever this notification setting is changed. Microsoft is being less specific about a second change to Windows 7 that “prevents all the mechanics around SendKeys and like from working”. The two changes effectively render the problem River/Zheng found moot. But this solution doesn't solve the core user experience flaw with UAC. www.nwdocfinder.com/8646

■ Rumor: Apple planning TV with iTunes integration and DVR capability? Yoni Heisler writes in his iOnApple blog, “In a recent note issued to clients, Apple analyst Gene Munster of Piper Jaffray predicts that Apple will eventually come out with an Apple-branded television set with DVR functionality, and the ability to stream content directly from iTunes. He writes ‘We expect Apple to design a connected television over the next two years (launching in 2011) with DVR functionality built in. These recorded shows could then sync with Macs, iPhones and iPods over a wireless network. The device would push Apple further into the digital living room with interactive TV, music, movie, and gaming features. With its iTunes ecosystem, Apple could develop a unique TV without any set-top-boxes or devices attached.’”
www.nwdocfinder.com/8647


Google  Earth  goes 
underwater 

The new Google Earth 5.0 tool features underwater exploration, historical views and the ability to create narrated tours.

www.nwdocfinder.com/8628 


World  tech  update 

Lenovo is stung by losses; Google introduces tracking software and an update to Google Earth; Apple’s iPhone readies for launch in the Middle East, and more.

www.nwdocfinder.com/8629 


Hot  spot  horror 
stories 

Author  James  Gaskin 
discusses  his  recent 
experiment  talking  with 
mobile  workers  about 
their  laptop  security 
usage  at  various  hot 
spots. 


www.nwdocfinder.com/8630

NEWSLETTERS

Increasing  employee 
awareness  about  phishing 


Tech exec: In April 2008, thousands of high-ranking corporate executives received an e-mail message informing them that they were being subpoenaed by the United States District Court in San Diego. The official-looking notice, which was personalized with the executive’s name, company and phone number, informed the recipients that they were required to appear before a grand jury in a civil case. An attachment supposedly contained a copy of the full subpoena. Anyone who clicked on the attachment — and who among us wouldn’t? — unwittingly downloaded and installed a keystroke logger and other malware that allows remote control of the PC. This is a classic case of spear phishing, or in this case, whaling — the practice of attacking the “really big fish” such as corporate executives. And it worked, too. According to a security researcher who volunteers at the Internet Storm Center, there were at least 2,000 victims of this phishing attack. Almost everyone is vulnerable to a well-orchestrated phishing attack like this one simply because we humans are naturally programmed to respond to things that are perceived as important to us.

www.nwdocfinder.com/8623 


Wireless: There are some attractive emerging options for getting international mobile voice services with predictable, flat-fee pricing models, as discussed last week. Now, what about taming data usage fees? Granted, getting affordable and price-predictable global wireless services might not be a huge issue for Joe Consumer, who either doesn’t leave the country (and thus can get a flat-rate unlimited domestic data service) or has limited communications requirements when abroad. Paying occasional daily Wi-Fi hot spot fees for data, for example, might be palatable to Joe. Or, if he’s a frequent traveler, subscribing to a hotspot service for a monthly fee of about $10 might do the trick. But international enterprises with populations of high-end smartphone users are seeing user expectations soar because of devices such as the Apple iPhone 3G. Users want to take advantage of all the phones’ fancy multimedia features. Consequently, cellular bills for voice, texting and data/Internet usage are unpredictable and often shocking as per-megabyte charges pile up unobtrusively in the background when out of earshot of a hot spot.
www.nwdocfinder.com/8624

Four security updates due from Microsoft

Microsoft plans to patch critical flaws in its Internet Explorer and Microsoft Exchange Server software this week. In total, the company will issue four security updates, including two critical fixes as well as patches for Microsoft SQL Server and its Microsoft Office Visio. Although hackers could theoretically exploit bugs in all of these products to run unauthorized software, Microsoft rates the SQL Server and Office flaws as less severe. The SQL Server flaw may be a known issue that Microsoft acknowledged late last year; security experts had been expecting Microsoft to patch this flaw in February. www.nwdocfinder.com/8631


Cisco not ruling out layoffs. Cisco is not ruling out layoffs as it grapples with the worldwide economic downturn. The company will engage in a "realignment and restructuring of resources" in an effort to reduce costs that could result in the elimination of 1,500 to 2,000 jobs, Cisco CEO John Chambers told Wall Street analysts during a second-quarter earnings call last week. Cisco ended the quarter with sales down 7.5% and earnings down 27% from last year, yet still better than Wall Street estimates. Guidance for the third quarter, however, is somber: sales off 15% to 20% from last year. Further cost cutting, restructuring and realigning could result in the additional workforce reductions, but also may allow Cisco to avoid a larger scale layoff of 10% or more of a global workforce of 67,000. www.nwdocfinder.com/8632

Steve Wozniak joins flash storage start-up. Apple co-founder Steve Wozniak has a new gig as the chief scientist at Fusion-io, a start-up that is speeding up enterprise applications with a flash memory device inserted directly into servers. Wozniak joined Fusion-io’s advisory board last October to help the company ramp up adoption of its solid-state flash technology. Now as chief scientist he will act as a technical adviser to the Fusion-io R&D group and help formulate a strategy to grow major global accounts, Fusion-io said. Wozniak, 58, hasn’t been a full-time employee at Apple since 1987; in the meantime he has been inducted into the National Inventors Hall of Fame and co-founded wireless GPS company Wheels of Zeus, which closed in 2006.
www.nwdocfinder.com/8633

Juniper switch enables mega-router creation. Juniper unveiled a matrix switch for interconnecting core routers into a higher density, more scalable system. The TX Matrix Plus is designed to enable service providers to unite as many as 16 Juniper T1600 core routers into a single 25Tbps system. It also can work with the company’s Juniper Control System 1200 to enable the virtualization of routing systems, networks and services. The JCS 1200 is a separate modular chassis that makes it possible to scale the control plane hardware totally independent of the forwarding plane hardware. With the TX Matrix Plus and JCS 1200, Juniper core routers can be partitioned on a per-slot basis into virtual routers, each of which might represent services or network element types, and which can share resources such as interconnecting links and uplinks.
www.nwdocfinder.com/8634

Job loss hits high-tech. As more companies report layoffs, demand for high-tech professionals is beginning to slide downward, according to statistics released last week. Global outplacement consultancy Challenger, Gray & Christmas said the number of planned job losses announced in January reached 241,749, which represents a 45% increase over December 2008 totals and 222% higher than the 74,986 cuts announced at the beginning of 2008. Separately, career search site Beyond.com reported that in the fourth quarter of 2008, demand for jobs in the IT industry experienced the largest decrease in jobs over the previous quarter (3.5%) and over the past year (4.7%) since Beyond.com started publishing its quarterly report in 2005.
www.nwdocfinder.com/8635

Firefox release fixes critical security bugs. Mozilla developers released the latest version of their Firefox browser last week, Version 3.0.6, which fixes several security bugs in the software. The most critical issues are bugs in the browser’s JavaScript and layout engines that could be exploited by attackers to run unauthorized software on a victim’s PC, Mozilla said. The flaws also affect Mozilla’s Thunderbird e-mail client and SeaMonkey Internet software suite. The update, Firefox’s first of the year, also fixes five other security bugs in the browser, all of which are considered less critical. Performance and stability improvements include new code that will help scripted commands, such as those used by Adblock Plus, to work better with plug-ins, and also address a few display issues reported by users.
www.nwdocfinder.com/8636

Oracle to acquire mValent. Oracle has entered into an agreement to acquire management software maker mValent for an undisclosed amount. Oracle, which industry watchers have speculated will take a larger stake in management technology, will use mValent’s products to offer customers the ability to collect, compare and reconcile configuration information. Oracle will integrate mValent technology into its Enterprise Manager product, which will enable the company to enhance root-cause analysis capabilities and automate remediation of problems kicked off by a configuration change, Oracle says. Oracle expects the deal to close in the first half of 2009; until then, the two companies will remain separate.
www.nwdocfinder.com/8637

2008: Year of the SQL injection attack. The year 2008 can be viewed as the year of the SQL injection attack, according to IBM’s Internet Security Systems annual security trends report. Fifty-five percent of all vulnerability disclosures made by vendors affected Web applications, a number that does not include custom-developed Web applications. Of those vulnerability disclosures, SQL injection-related vulnerabilities jumped 134% to replace cross-site scripting as the predominant type of Web application vulnerability last year. Accordingly, attacks against Web sites vulnerable to SQL injection rose from an average of a few thousand per day at the beginning of 2008 to several hundred thousands per day by year-end, the IBM report notes. www.nwdocfinder.com/8638

SAP, Oracle duel over ‘smart’ energy metering. The rivalry between SAP and Oracle is heating up in the area of smart energy metering. SAP last Monday announced an agreement with Landis+Gyr that will see the latter company’s metering infrastructure integrated with SAP’s business application portfolio for utilities. Oracle followed with a pair of announcements, one hyping an update to its Utility Quotations Management software and another listing a string of recent customer wins for its Meter Data Management product.
www.nwdocfinder.com/8649

VMware, Citrix bolster desktop virtualization

VMware goes open source, while Citrix improves XenDesktop

BY  JON  BRODKIN 

VMware has released open source desktop virtualization software designed to let its business partners optimize thin clients for the delivery of personalized virtual desktops.

VMware View Open Client, available for download on the Google Code site, helps further VMware’s strategy both for desktop virtualization and open source. VMware CEO Paul Maritz said last September that the company had considered open sourcing ESX, its server hypervisor and flagship product.

Last week’s news doesn’t go that far, but it does introduce an open source component into what is expected to be a fast growing market for virtual desktops. VMware cited Gartner research that predicts 50 million user licenses for hosted virtual desktops will be purchased by 2013.

The open source software is complementary to the commercial product VMware View, and will let partners optimize thin clients and other devices for that product, the company says.

VMware View Open Client lets Linux machines connect to remote Windows desktops, but the project Web site says those Windows desktops must be virtualized with the commercial version of VMware View.

Open Client features include two-factor authentication and the ability to create a secure tunnel using SSL. The initial release does not support multiple desktop sessions.

Meanwhile, Citrix is adding features to cut the cost of desktop virtualization and improve the user experience in the new version of its XenDesktop platform.

In XenDesktop 3, Citrix is introducing a new way to deliver desktops. Using the Desktop Streaming feature, companies will be able to stream the bits needed to execute the operating system from a server to the endpoint over their LAN.

So, for example, power users can take advantage of the processing power on the desktop, but the IT department can still manage everything centrally in the data center, the company said.

When using Desktop Streaming, companies should aim for as little hardware differentiation as possible, because when you stream the desktop image it has driver information and hardware configuration information in it, Citrix says. The setup also means that you need fewer servers in the data center, because the desktop is executed on the endpoint and not on the server.

Desktop Streaming will be part of the Advanced, Enterprise and Platinum Editions of XenDesktop 3, which will start shipping by the end of February. The three versions cost $195, $295 and $395 per concurrent user, respectively. There will be two versions without Desktop Streaming: Standard, at $75 per concurrent user, and Express, which is free.

In XenDesktop 3, Citrix also has improved the single-server scalability for companies that still want to execute desktops on the server. Citrix can now run twice as many virtual desktops on each server. On the administration side, Citrix has integrated profile management, using technology it acquired from Sepago last year. Portable Profile Manager can be used to build desktops that feel personal to the user, but are based on standardized components.

In a bid to further widen the number of users that can use desktop virtualization, Citrix is adding multimedia capabilities to XenDesktop. Rather than rendering the multimedia, the server pushes the compressed data stream to the endpoint and then the endpoint renders it.

Improving the user experience is key if desktop virtualization is to take off. There is very little chance of virtual desktops going mainstream, and being adopted in a broad way, unless you have that user experience right, the company says.
InBrief

Cisco warns of four WLAN controller vulnerabilities

Cisco last week issued a security alert warning of a quartet of vulnerabilities affecting all of its wireless LAN controllers, including the Catalyst 6500 and 7600 wireless modules, with software version 4.2 or higher. Three are denial-of-service attacks. The fourth, specific to software version 4.2.173.0, could let a restricted user gain full administrative rights to the controller. The DoS attacks could cause the controllers to hang or reload, with repeated attacks creating a sustained service denial condition, according to the alert. No workarounds for these vulnerabilities exist, but Cisco has posted software patches for all four of them.

MySQL co-founder quits Sun

Michael "Monty" Widenius, the original developer of the open source MySQL database, has left Sun Microsystems and is starting his own company, Monty Program Ab. Widenius and Sun had a slightly rocky relationship since the vendor bought MySQL last year for $1 billion. In a much-discussed November blog post, he trashed Sun's decision to give MySQL 5.1 a "generally available" designation, saying it was riddled with serious bugs. And in his latest blog post, Widenius explained "the changes I had hoped Sun would apply to in the MySQL Database group to fix our development and community problems did not happen fast enough." He and Sun parted on good terms, Widenius added. "I still think that Sun was the best possible buyer for MySQL and I feel sad that things didn't work out together." Monty Program Ab will work on the Maria project, a storage engine Widenius and others developed.

NetApp discontinues SMB storage appliance

NetApp is discontinuing StoreVault, a network storage appliance designed for small and midsize businesses, to focus its resources on midsize enterprises and large companies. While NetApp will not provide any further product upgrades for StoreVault, which had recently been renamed the S Family/S550, it will continue supporting the product for three more years. The company said it is now including the S550 in an upgrade/trade-in program and urged customers to consider its new FAS2020 product bundles, which will be released this month and consist of high-capacity, low-cost SATA drives.
Start-up targets supercomputing field

BY JON BRODKIN

The supercomputing world is one of giant government labs, big machines and speeds measured in hundreds of trillions of calculations per second. But a new company called SiCortex is trying to bring the benefits of high-performance computing to smaller enterprises and research groups, particularly those worried about the rising cost of electricity.

Competing against Dell, HP and IBM, SiCortex officials hope their approach combining high-performance computing with energy-efficient design is disruptive enough to shake up what they believe has become a stagnant market.

“This is a systems company and it’s been a long time since anybody actually built and deployed a systems company,” says chief engineer and co-founder Matt Reilly.

SiCortex has 84 employees and is headed up by CEO Chris Stone, a former Novell executive responsible for engineering and product management from 2002 to 2004.

Also among its top executives is co-founder and chief architect Jud Leonard, who previously co-founded Agile Systems and TLW. Both Leonard and Reilly worked at Digital Equipment Corporation, and Reilly is also a veteran of Compaq and Intel.

SiCortex shipped its first beta machine in July 2007 and went into production early in 2008.

In an attempt to convince customers that its systems are unusually efficient, SiCortex developed a benchmark called the Green Computing Performance Index, which measures performance per kilowatt and gives SiCortex a score of about 70% better than the IBM Blue Gene/P, one of the most advanced supercomputers in the world.

“We chose a processor whose design supported power savings in ways that were important to us,” Leonard says. “We watched where power was being spent and worked very hard to control it. ... It’s a matter of tackling it up and down the line. That’s how you get order-of-magnitude savings, instead of 15% savings.”

SiCortex sells three machines: a desktop computer with 72 processors, a mid-range system with 1,458 processors, and the biggest of all, a 5,832-processor system that costs more than $1 million and delivers speeds of 8 teraflops, which means it can perform 8 trillion calculations per second. The fastest supercomputer in the world, an IBM machine at Los Alamos National Laboratory in New Mexico, performs more than 1,000 trillion calculations per second.

But SiCortex isn’t aiming to build the fastest supercomputer in the world, or even the most reliable. The markets the company targets — small enterprises, collaborative groups, university departments and divisions within national labs — won’t spend enough to get five nines of availability, says SiCortex CTO John Goodhue.

SiCortex co-founder Jud Leonard helped build the SC5832, a highly efficient and high-performance computer that costs more than $1 million. Leonard is holding one of 36 motherboards, each of which has 162 processors.

For its processors, SiCortex purchased intellectual property from several sources including the company MIPS Technologies, and modified the design to suit its own needs. The Linux-based machines use a network of Leonard’s design.

“In an Ethernet or Infiniband environment, you have processing nodes and you have separate switches. That’s called an indirect network,” Leonard says. “Ours is a direct network in which each component of the system includes a small portion of the switch fabric and you wire them together so you don’t need a separate component to do the fabric switching.”

An individual processor can be very fast, but isn’t worth much in a cluster if the entire system has slow communication, Reilly says.

“If you’re going to scale up to hundreds of thousands of processors you have to get the communication bottleneck out of the way or at least you have to mitigate it,” Reilly says. “So we start with a relatively modest processor and connect it to a really fabulous communications network.”

SiCortex has sold about 60 computers, which are named for the number of processors (for instance, SC072, SC1458 and SC5832). Inside the roughly 6-foot-tall 5832 are as many as 36 motherboards, each of which has 162 processors. Nine of the motherboards fit into the 1458, which costs several hundred thousand dollars depending on the configuration, while the 72-processor desktop uses a smaller version of the SiCortex motherboard.

The desktop costs about $25,000, but organizations that buy the larger systems get a couple free.

Purdue University, among SiCortex’s earliest customers, purchased the 5832 and has outfitted it with 4,536 processors. Purdue CIO Gerry McCartney is impressed by the vendor’s ability to provide massive computational power at a low cost, but notes that it can’t be used in all high-performance computing environments.

Rather than provide ultra-fast processors, SiCortex takes inexpensive, slow processors and gives you a ton of them stitched together with very fast interconnect technology, he says.

“Here’s the difficulty: Which is better, a motor coach that can hold 50 people, 10 Chevettes that can hold 50 people, or 50 Ferraris that can move 50 people? [SiCortex] is the Chevette model,” he says.

SiCortex’s model is ideal for many applications that require parallel processing, McCartney says. A 5832 might be useful for designers of animated films, who need to render millions of frames, he speculates. At Purdue, researchers in computational fluid dynamics are using the SiCortex for research on jet engines.

But applications that require huge amounts of sequential calculations would not be ideal for a SiCortex system, McCartney says.

“It’s a niche machine,” he says. “It’s not for all types of high-performance computing. It’s an awful lot of very slow processors. [That’s good] if you can chop your jobs up into bite-sized pieces. If you can only use one processor at a time, this thing’s going to be horrible. You’ve really got to be able to chop your job up so you can use a couple hundred processors simultaneously.”

If the SiCortex model does fit your computing needs, it brings great benefits in terms of power and cooling. If not for SiCortex, McCartney says he would need to buy additional cooling equipment and transformer capacity in order to substantially increase his computing power.

“To put in a couple million dollar machine, I have to spend at least another two or three million on infrastructure that doesn’t do anything for me compute-wise,” he says. “In fact, it just increases my electricity bill.”

In addition to Purdue, SiCortex’s customer base includes NASA, the Department of Energy’s Argonne National Lab, an unnamed intelligence agency within the Department of Defense and General Electric.
Sprint’s 4G guy: on the need for speed

Todd Rowley helped to conceive Sprint’s mobile WiMAX play, to midwife its birth, to name it Xohm, play matchmaker for its marriage with Clearwire, wave goodbye with the launch of the Clear network build out ... and he still can’t let go.

Rowley now heads up the Sprint 4G/WiMAX business unit, formally announced last December. The mission: offer “next generation” 4G services - multi-megabit wireless data services over WiMAX. It will do that by acting as a mobile virtual network operator, with a wholesaler deal to resell those services on the still-emerging WiMAX network being built by Clearwire.

The Clearwire venture lit up its first WiMAX city just last month: Portland, Ore. Service plans range from $20 to $60 per month.

The emphasis on “4G” rather than WiMAX is a subtle but telling change. It suggests to customers that these services are just like the better, faster, more advanced 3G cellular services increasingly being adopted, but even better, faster and more advanced. Last fall, what was then Sprint’s Xohm unit launched mobile WiMAX service in Baltimore, with impressive multi-megabit speeds. Here is an edited version of his interview with Senior Editor John Cox.

Sprint made endless headlines with its decision to build a nationwide WiMAX network. Now it’s not building it. What gives?

When Sprint made its initial WiMAX decision in 2006, we evaluated all the various technologies ... and made the business decision to proceed with WiMAX. We felt LTE [Long Term Evolution, the evolution of GSM cellular technology to support multi-megabit broadband] and other options would lag behind this by a couple of years. We [subsequently] made a decision that we were not in a position to fund a nationwide network for $5 billion. We needed to find partners to help us do that. But we still felt it was critical for the company to have this solution.

Hence, last year’s creation of the joint venture? [Completed last December, bringing in $3.2 billion in capital for the build-out]

But as part of the deal, what was important to Sprint was to maintain the ability to have access to a 4G product and service. We wanted that in our product portfolio: it’s a huge differentiator for us in the marketplace against Verizon, AT&T, T-Mobile and others. We needed a group to retail the services we could sell over this [new] network. We wanted to do this in a way that would mainstream this effort into our existing organization. The company asked me to lead this group.

How does the 4G group relate to the rest of Sprint?

It’s a small team working with the [existing] product and sales organizations for our CDMA and IDEN and wireline services. 4G is [now] another product in their portfolio. I develop the business plans and marketing, and work with other units to execute on those plans.

There were some delays in the WiMAX rollout. And the economic crisis could affect the roll-out and subscriber adoption. Won't that give LTE providers a chance to catch up?

It’s unclear what their timing is and whether they’re prepared to aggressively roll out those technologies. It will take them a couple of years to get to where we are today. It could take them even longer.

Why do you think you can sell 4G data services to your existing subscribers?

Initially, we know we can complement our existing products. If you look at our [sale of] 3G data cards today and in the market in general, that’s a significant market and it’s continuing to grow significantly. There are about 9 million total 3G card customers today in U.S., growing to 20 to 25 million in the next few years.

Today we [now] offer a dual 3G/4G data card [the U300, by Franklin Wireless]. You can access our nationwide 3G network, but when they’re in a 4G footprint, you get the turbo-charged speeds [of WiMAX]. It can switch between them based on coverage.

The 4G capacity gives home users a chance to cut the [broadband] cord. And with the speeds that 4G gives you, we think it’s very attractive to the business market. It will enable a lot of applications that 3G nets might not be able to support today.

How are the Baltimore customers responding?

Remember, we’re just a few weeks into the Sprint rollout of our dual-mode card. We’ve been pleased with the results, and the responses from customers have been outstanding. They really notice those blazing speeds.

This is a data card initially. So we think there’s an opportunity for individual subscribers. In the 18-to-35 age groups, there’s a definite trend to ‘cut the cord’ for voice, and our 4G service will give them the opportunity to do that for data as well. But it’s difficult for a family at this point to cut the cord. We know the performance and capability are there to do that. It’s a function of us finding the right messaging and niche and devices to enable them to do that.

Are Baltimore business users buying into 4G?

The largest percentage of our base over the first few weeks is definitely coming from the business market. The idea is high-performance broadband capability on the go. They have definitely been the early adopters.

My sense is that what we’ve been seeing is that high users of 3G data cards are upgrading to this premium [4G] service, and finding it a much better service for them. It’s a mix of road warriors and field support teams.

Sprint has been working with vendors to seed markets with WiMAX client gear. What's ahead?

We’ll be adding standalone 4G cards and modems, and a dual-mode [mobile] phone running on 3G and 4G. We’ll have services truly optimized for 4G. Look for us to have a series of other devices and services launched over the next 12 months, adding to our 3G/4G base, both for our existing customers and to attract new customers.
Endpoint security gets ‘suite’

Symantec, McAfee others push suites over standalone products

BY ELLEN MESSMER

Is corporate endpoint security turning into a “suite” spot? The market’s top two players, Symantec and McAfee, continue to win about 40% of the highly fragmented corporate endpoint security market, now at about $3 billion, while distant third Trend Micro at about 6% suddenly finds itself neck-and-neck with Sophos, the antimalware vendor that acquired endpoint encryption firm Utimaco late last year.


But the race to win the corporate customer is shifting from stand-alone antivirus-style products to burgeoning software suites that combine antimalware, network access control (NAC), and now systems management.

Though dozens of competing vendors craft products for specific security and systems management functions — and many IT managers strongly argue they prefer it that way and fret about vendor lock-in — there’s some cause to think the future may be dominated by endpoint suites.

“The trend for endpoint is primarily that it has been moving to suite solutions,” says IDC security analyst Charles Kolodgy. “There’s a move to incorporate much more than security into the endpoint suites — configuration control, patch management and other systems management capabilities.”

IDC research for the corporate market shows stand-alone antimalware sales stalled in 2007, dropped to $1.14 billion last year and is expected to fall to $1.05 billion this year. But the category IDC calls “security suites” is quickly rising, from $637.7 million in 2007 to a predicted $1.21 billion this year.

While Symantec and McAfee already have their own systems management software — Symantec acquired Altiris and McAfee has McAfee Remediation Manager — to integrate into the endpoint agent, Trend Micro last month elected to team with a partner, somewhat as it has done with Third Brigade on host intrusion detection.

Trend Micro is joining forces with BigFix to come up with the Endpoint Security Platform — based on the BigFix management console that Trend Micro will offer under its own brand.

“BigFix has best-of-breed client patch management and security configuration; we have antivirus and Web protection,” says Ron Clarkson, Trend Micro’s director of enterprise

See Endpoint, page 14


Nagging NAC questions

Symantec and McAfee appear to be bumping up against a common wall when it comes to one component typically found in security software suites: Network access control.

Companies are buying NAC-style features in suites from these two vendors — but they're just not using it much.

“NAC was very hyped but it’s difficult to deploy," acknowledges Patrick Wheeler, Symantec’s product manager for endpoint compliance. “The policy is difficult. There are phases for network access control and the easiest thing to do is ‘audit’ only. That’s what most are doing. They're not enforcing or blocking."

McAfee CEO Dave DeWalt concedes NAC is "still a nascent area."

Darrell Rodenbaugh, senior vice president of McAfee's mid-market business unit, adds: “NAC probably won't play a significant role in the mid-market in the near term."

Some of McAfee’s most enthusiastic endpoint-security customers just aren’t sold on it.

“We're licensed to use it with McAfee but we’ve only taken tentative steps with it," says Paul Baltzell, director of distributed services for the state of Indiana. “NAC is of interest but it makes us nervous. The potential is definitely there to shut down users, shut them out of the network. NAC is something we're playing with but we're looking at Cisco NAC also. We're not sure."

Gartner research director Lawrence Orans says Cisco has more traction on NAC because it tends to be a decision made by the network team inside an organization. But he adds that about 80% of Gartner’s clients who use any vendor’s NAC use it mainly for “guest networking. This first phase is simply to ask 'Are you one of us, yes or no,'” Orans says. About 15% use NAC for "endpoint base-lining — to see if it’s got patches, or antivirus or a personal firewall," he says, adding, "but very few use it for quarantining.”

The most ambitious users of NAC can be found in university environments, Orans notes, because IT administrators have found it to be a huge help in the management challenges they face in protecting campus networks where students and others bring their own laptops.

That’s the case at Iona College where at the start of every new academic term, the network access controller — CyberGate from vendor InfoExpress — checks every computer seeking to gain access to the campus wireless network.

It then installs the InfoExpress NAC software agent, which makes sure every student is running the appropriate antivirus software and has updated patches, says Dimitris Halaris, associate vice provost for IT.

The InfoExpress agent makes sure that the antivirus software the college requires — Symantec's Norton AntiVirus — is on every student’s machine and up to date, and quarantining does occur.

This process has been in place since last summer and "it has alleviated the need to have 15 people hands-on on a moving day," Halaris says.

A few years ago the New Rochelle, N.Y., college tried the Symantec NAC but at the time it didn’t support enough operating systems to work well in the campus environment, Halaris says.

— ELLEN MESSMER
Corporate security suites on the rise

Customers are showing a preference for suites over standalone products (though standalone encryption products are expected to hold their own)

(in thousands of dollars)

Category                                                                   2007      2008      2009      2010      2011
Antimalware                                                                $1,260    $1,146    $1,055    $1,002    $950.0
Endpoint threat management (includes desktop firewall, host IDS/IPS)       $274.1    $241.2    $219.1    $205.2    $196.9
Security suites                                                            $637.7    $914.2    $1,215.8  $1,510    $1,811
Other endpoint security (includes NAC, encryption, data-leak protection)   $475.7    $642.3    $802.8    $935.4    $1,071

SOURCE: IDC

Endpoint

endpoint security. The company views the alliance as strategically important to compete with McAfee and Symantec in the larger corporate market.

Trend Micro’s Endpoint Security Platform is expected out later this quarter, along with a new version of its long-running OfficeScan that will be able to integrate systems management capabilities.

Symantec’s souped-up suite in this race is Symantec Endpoint Protection, and McAfee’s is Total Protection for Endpoint Advanced.

The appeal in the security suites is a single code base and smaller footprint than having five or six separate software agents, common management, plus somewhat lower cost, Kolodgy says.

According to McAfee CEO Dave DeWalt, the cost-saving is “at least 30%” in buying the integrated endpoint suite vs. McAfee’s separate software products. DeWalt says a third of McAfee’s installed base in the enterprise market has shifted to the Total Protection suite, with the various security and systems management functions supported by McAfee’s ePolicy Orchestrator management console.

Suite  nothings? 

The  fact  that  endpoint  security  vendors  are 
packing  ever-more  functionality  into  endpoint 
agents  does  give  some  IT  professionals  pause. 

The  Sophos  Endpoint  Security  and  Control 
product,  which  packs  in  antimalware,  desktop 


firewall,  NAC  and  more,  is  fine, says  Peter  Clark, 
director  of  information  security  at  Jordan’s 
Furniture  in  Avon,  Mass.,  even  as  he  acknowl¬ 
edges  the  furniture  chain  isn’t  using  the  NAC 
component  yet. 

But  Clark,  and  Ethan  Peterson,  Jordan’s  net¬ 
work  engineer,  say  they  question  whether  it 
would  be  an  advantage  to  also  pack  in  systems 
management. 

“When  a  vendor  tries  to  do  everything,  it 
doesn’t  always  work  out,”  Peterson  notes, 
adding,  “In  some  cases  stand-alone  has  better 
value  for  the  product,  and  it’s  nice  to  have  sep¬ 
aration  of  security  and  systems  management.” 

Care New England Health Systems, which includes three hospitals, makes use
of Kaspersky’s antimalware/desktop firewall software on 4,000 workstations,
mostly Windows XP, says Keith Lee, end-user services manager there. He says
he’s more inclined to look for “best of breed” vs. combining many separate
security and systems management into one single software agent.

Josh Corman, principal security strategist for the IBM Internet Security
Systems division, says he’s heard customers call the endpoint suites “suite
nothings.” “With the big suites, some feel they’re giving up choice and
they’re afraid of vendor lock-in,” Corman says.

The push to pack more into the security endpoint is bringing in a wave of
change in both the systems management market and the security market over
the next years, according to IDC. IDC predicts the worldwide corporate
endpoint security market will hit $4.41 billion by 2012. The security suites
are expected to comprise almost half of this market by then, eclipsing
stand-alone antimalware and other categories such as endpoint threat
management, which will be in sharp decline.


The  many  flavors  of  carrier  Ethernet 


One  of  my  favorite  Mark  Twain  quotes  is  a 
riddle  about  semantics:  If  you  call  a  dog’s 
tail  a  leg,  how  many  legs  does  the  dog 
have?  The  answer:  Four,  because  calling  a  dog’s 
tail  a  leg  doesn’t  make  it  one. 

Semantics can be tricky when it comes to technology too. Take the concept of
“carrier Ethernet.” We think we know what it means: Ethernet services
provided by carriers. But it’s not that obvious. There are three distinct
offerings, all with specific characteristics, under the broad umbrella of
carrier Ethernet. Worse, these days all three offerings are typically
provided over the carrier’s MPLS backbone — so technically all three qualify
as “MPLS services.” (Remember, MPLS is a technology not a service. It can be
used to offer a range of services, from Layer 1 through Layer 3. Yet
confusingly both users and carriers refer to Layer 3 MPLS, defined in IETF
RFCs 2547 and 4364, as “MPLS.”)

The  three  flavors  of  carrier  Ethernet  are: 

• Ethernet access to MPLS services. Here, the carrier provides a direct
Ethernet interface to “classic” Layer 3 MPLS services. The user’s customer
edge (CE) router connects with the carrier’s provider edge (PE) router
across an Ethernet interface, and the carrier routes the user’s traffic
across the cloud. The upside: higher-speed access to traditional MPLS
services, with all the QoS support that MPLS provides. The downside: the
carrier is involved in IP-layer routing.

• Point-to-point Ethernet services. Here, the carrier provides a direct
Ethernet interface to the user, but only at Layer 2. The user’s CE router
connects to a carrier switch (typically MPLS) that transports traffic across
the cloud, but looks and feels like a WAN Ethernet link. That is, the IP
device that the user’s CE router is connected to is another CE router across
the cloud. The upside: a clean, simple link across the WAN — ideal for, say,
high-bandwidth links between data centers. The downside: as the name
implies, the link is point-to-point, meaning that the service doesn’t scale
to a full-blown WAN.

• Multipoint Ethernet services, or virtual private LAN services. Here, the
carrier provides a direct Ethernet interface to the user, again at Layer 2.
The user’s CE routers interconnect across what looks, smells and feels like
a “LAN across the WAN” — with all IP routing controlled and managed by the
user. The upside: it’s simple to install and configure, compared with MPLS.
The downside: QoS isn’t native (though carriers have different ways of
prioritizing customer traffic at Layer 2). Additionally, there may be some
challenges with scalability. I haven’t seen any multipoint Ethernet networks
larger than roughly 200 sites — MPLS networks, in contrast, are often
several thousand sites.

Users are increasingly interested in adopting all flavors of carrier
Ethernet — 63% of the folks I work with have some flavor of Ethernet
services, and 85% say they plan to expand their use of such services,
primarily because of the ease of configuration and lower cost of bandwidth.
The key to doing so successfully? Know which one you want.

Johnson is president and senior founding partner at Nemertes Research, an
independent technology research firm. She can be reached at
johna@nemertes.com.


EYE ON THE CARRIERS

Johna Till Johnson
Microsoft’s new era in voice

With the release of Office Communications Server 2007 R2, Microsoft has
added a SIP trunking gateway that is the final major milestone in completing
a story around moving the PBX to software.

Key  additions 

• Session Initiation Protocol (SIP) trunking: Brokers connection between OCS
2007 R2 IP telephony and the public-switched telephone system and provides
services such as dynamic call routing. Microsoft has two qualified SIP
trunking service providers in Global Crossing and Sprint.

• Attendant console and delegation: Software gives operator ability to
receive and route incoming calls/conferences to users.

• Dial-in audio conferencing: A bridge that lets users dial in and join
conference using a pin number.

Work  left  to  be  done 

• Deeper application and workflow integration, including with Web-based
Office applications coming with Office 14.

• Call center capabilities need improvement, especially addition of
automated call distribution (ACD) for complex call center operations.
Voice/video conferencing needs to improve to support more concurrent users.

• Build a reputation for trust and security in the voice market and prove
worth over Cisco, IBM, Nortel, Avaya and others.


Microsoft 

continued  from  page  1 

Nortel  and  Siemens. 

“I don’t see OCS as an immediate threat to telephony vendors, including
Cisco, but OCS is certainly causing corporate voice architects to pause,”
says Mark Cortner, a senior analyst in the network and telecom strategies
unit at the Burton Group. “But there is no doubt in my mind that Microsoft
has an aggressive goal for the role it will play in telephony.”

Cortner says Burton Group’s clients are being more deliberate with their
on-going investments around the IP PBX now that Microsoft is focused on
voice, which is creating more competitive overlap with telephony providers.

The awareness of SIP trunking and the possibilities for efficiencies and
cost savings are catching notice. Nemertes Research reported last week that
early results of its Advanced Communications Services research show 65% of
organizations are using or plan to use SIP-trunking services in their
network.

SIP trunking helps users streamline or eliminate costs associated with
desktop handsets, public switched telephone network trunks, and voice
support for mobile and remote workers.

Microsoft last week announced Global Crossing and Sprint as two qualified
service providers for SIP trunking.

Early adopters say those partnerships and SIP trunking support help
Microsoft position OCS as an option to satisfy corporate needs, especially
in Microsoft shops that can integrate OCS as part of the vendor’s UC
platform. Gold Systems in Boulder, Colo., which helps companies build
bridges between telephony and software, has nearly completed its own
in-house swap out of its voice system for OCS.

“The milestone here is this is now a mature product,” says Terry Gold, the
company’s CEO. “Companies can look at this and say Microsoft is serious
here. Microsoft is throwing down the gauntlet. This is a viable
alternative.”

Gold  admits  that  it  is  still  early-adopter  days 
for  his  clients,  who  he  says  are  more  the  larger 
corporations  that  are  replacing  branch  office 
PBXs. 

“Companies tend to have a PBX at every location and people who tend to those
expensive pieces of hardware. Companies don’t do it that way with the rest
of their enterprise software,” Gold says.

One  large  customer,  who  is  not  working  with 
Gold  but  is  also  adopting  OCS  internally,  is 
Sprint. 

Mike Browne, vice president of client services, says the company will
eventually replace nearly 500 PBXs around the globe. He also ticks off
savings including $240,000 annually with OCS rolled out to some 3,000
employees so far, and $5 million by eliminating handset replacement and
going to soft phones and headsets.

“Across the board those are significant savings,” Browne says.

The soft phones also ensure that mobile workers always have their “desktop”
phone with them regardless of where they are working with their laptops.

“We pretty much augmented our existing Microsoft infrastructure by adding
OCS servers,” Browne says. “We put them in our switch centers.” And security
is built around existing domain controller-based ID and certificates for
two-factor authentication.

But  Gold  and  Browne  both  realize  that  OCS 
still  has  some  wrinkles  to  smooth  out. 

Both say OCS is missing the ability to do complex automated call
distribution (ACD), a system typically used in call centers that routes
incoming calls. “They have a long way to go there,” Browne says.

Gold  says  Microsoft  has  to  qualify  more  SIP 
trunking  providers  and  the  company  needs  a 
stronger  integration  story  so  companies  not 
willing  to  rip  out  their  PBX  are  comfortable  it 
can  co-exist  with  OCS. 

The Burton Group’s Cortner says Microsoft needs to add emergency location
services so companies can pinpoint where a call is originating from, and add
“remote location survivability” features so branch offices don’t lose phone
service.

Microsoft  says  it  will  leave  some  of  that  work 
up  to  third-parties. 

“We have done the basic ACD stuff in R2, but we will look to partners to
build scale into call center scenarios,” says Yancey Smith, director of
product management for Office Communications Server.

Smith also says the 250-person cap on OCS audio conferences, which he says
covers about 99% of meetings, will remain and that Microsoft sees “a partner
opportunity for a super large-scale moderated conference feature.”

Microsoft has given partners and independent software vendors tools via OCS
integration with Visual Studio 2008 and a set of building block templates
offered on its Web site. And the company introduced with OCS 2007 R2 its
Unified Communications Managed API 2.0, which moved voice and video into a
single API.

It will take all Microsoft can muster, including relying on corporations’
current Microsoft collaboration software investments to help sell OCS as the
final piece of the puzzle.

Competition on the UC front will come strongest from Cisco with its
CallManager and WebEx Connect duo of on-premises software and online
services, and from IBM, which is partnering with telephony players and
planning the 8.5 release later this year of its popular Sametime real-time
communications platform.

But some experts think Microsoft has a big advantage. “They are not a
traditional VoIP player, but they can tightly couple OCS with software such
as Office, Exchange, SharePoint, SQL Server and Windows Server,” says
Mitchell Ashley, principal consultant at Converging Network and a Network
World featured blogger. “The others have to do those types of integrations
separately.”

And Ashley says the emerging Live Mesh and Live Framework technology will
eventually introduce synchronization of data across multiple applications.

“What R2 does is let Microsoft go full forward against the likes of Cisco
and the traditional PBX providers,” he says.
Cox Communication attracting attention

NET INSIDER

Scott Bradner

On the surface it seems like almost exactly the wrong time when on Jan. 27
Cox Communications announced it was about to start unequal mucking with the
Internet traffic of its residential customers. Maybe the Cox folks know
something I don’t, but it seems to me that the company has just figured out
how to be the main target for a new administration and a new FCC chair that
have made it clear they might be looking for such a target.

At least this time Cox let its customers know about its plans, unlike what
Cox and other cable companies have done in the past. Cox published an FAQ
about its plans that does provide some information, but not nearly enough to
tell just how it works or what will happen to customers’ traffic. The FAQ
says that “applications that are tolerant of delay ... may be momentarily
slowed” during times of congestion. The FAQ provides a list of traffic types
that will not be targeted for slowdown, including that which it cannot
otherwise categorize. In spite of the FAQ, here are a few things I’d like to
know from Cox:

• How is the slowing done? (Prioritizing packets? Dropping packets?
Controlling cable time slots or ...?)

• How does Cox figure out what application the traffic is from? (Port
numbers? Deep packet inspection?)

• Where is the congestion experienced? (Local loop? Head end? Uplink?
Backbone?)

• Why only residential and not business customers? (Business links do not
get congested?)

• How often is Cox’s network congested? (1% of the time, 50% of the time,
every afternoon at 3 p.m. or ...?)

• How overloaded is Cox’s network when it gets congested? (5x
oversubscribed, 50x or ...?)

One  thing  I’d  like  to  know  from  the  developers  of  P2P  protocols: 
How  long  (in  hours)  do  you  think  it  will  take  you  to  make  your  traffic 
look  like  it  is  not  one  of  the  applications  Cox  is  targeting  to  slow? 

I  fully  expect  that  the  FCC  will  demand  answers  to  at  least  some  of 
these  questions  before  too  long  and  I  will  be  interested  in  what  Cox 
has  to  say. 

But it just might be that Cox’s customers will not have to wait for the
company to fess up, at least for some of these questions. On the same day
that Cox announced its traffic-mucking plans Google and a few partners
announced Measurement Lab (M-Lab). M-Lab provides tools that Internet users
can employ to see if their ISP is messing with their traffic. A fortuitous
coincidence — a set of tools and a demonstration why the tools are needed,
both on the same day.

Google is working with the New America Foundation’s Open Technology
Institute, the PlanetLab Consortium and a number of academic researchers to
make performance testing software available and to deploy testing servers
(36 in 12 locations early in 2009) across the Internet.

It  is  vital  that  ISPs  be  able  to  employ  reasonable  but  fair  network 
management  technologies  and  processes  to  protect  their  networks. 
Maybe  Cox  is  doing  just  that,  and  maybe  not.  We  will  all  know  in  time. 
Cox  has  ensured  that  the  question  will  be  addressed  earlier,  rather 
than  later,  in  the  new  regime. 

Disclaimer: Asking questions is Harvard’s raison d’etre, but I’ve not heard
Harvard ask the above ones, so they are mine.

Bradner  is  Harvard  University's  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


Rogue  Firefox  add-ons  bring  security  risks 


Security is as much about choices as it is about policies. Which software
solution you pick is as important as how you configure and use it. With the
vast majority of threats today coming from the Web, the choice of browser is
critical. With few exceptions, most Web sites are cross-browser compatible.
Choosing a browser is less about compatibility and more about usability and
security.

Like many companies, Nemertes Research standardizes on the Firefox browser.
There are many reasons for this choice, but a major one is security. Once
properly configured and with the assistance of add-ons such as NoScript,
which applies a default-deny towards scripts on unapproved sites, Firefox
becomes extremely robust and secure. It’s also cross-platform, which helps
in a company where we run and support multiple operating systems.

Lately, however, I’ve become increasingly concerned about Firefox’s add-ons.
Add-ons are plugins that extend the browser features. They can be used to
enhance security (NoScript is a great example) or to extend features
(FireBug is an indispensable Web development tool). Used sparingly they add
great value. Of course, like any piece of code they come with bugs, memory
leaks and possible security issues. So it is important to limit them to the
essentials and carefully control them. But increasingly I am seeing add-ons
installed that I didn’t ask for.

Over time, I’ve had many different applications dump an add-on into Firefox,
without asking my permission. Media players, Java installers, Office
launchers, “helpers” and “assistants”. All of these add-ons purportedly
improve integration with some or other software I just installed. But again,
I didn’t ask for them — and even worse — they didn’t ask me if I wanted them
installed. The carefully guarded space of my browser becomes quickly
infested with the barnacles of various software installers. Each barnacle,
on its own harmless, en masse adds drag to my browser until it can barely
move. Sites start behaving badly, memory leaks profusely and crashes
multiply.

So every couple of months, I have to dry-dock my browser to remove the
barnacles. This is where things get interesting — the uninstall button is
disabled. Infuriatingly, the software installers not only lacked the manners
to ask my permission but they have the chutzpah to dictate their presence! A
deep dive in the registry and various configuration files quickly results in
the forced removal of these pests.

One has to wonder: How many times do we have to learn these lessons? Browser
Helper Objects in Internet Explorer became the death-by-popup sentence for
the browser. ActiveX and other “extensions” created an endless parade of
drive-by malware. Once again, security is sacrificed on the altar of
features.

Before I go out and install a firewall-add-on to protect me against rogue
add-ons I have to ask: Who came up with the idea of an add-on with a
disabled uninstall button? Mozillians take note: Strengthen the controls of
add-ons. You don’t want to go down that road — Here, There Be Dragons.

Antonopoulos  is  a  senior  vice  president  and  founding  partner  at 
Nemertes  Research,  an  independent  technology  research  firm.  He  can 
be  reached  at  andreas@nemertes.com. 
Managing application services

TECH UPDATE

An inside look at technologies and standards

BY VIC NYMAN

To increase the ROI of virtualization efforts, organizations are
virtualizing servers that support business-critical applications. While many
tools help manage virtual servers, they provide little real-time, actionable
data on how the virtualized applications are performing and how they
interact with one another and the infrastructure on which they reside.


To ensure transactional business applications are functioning properly in a
mixed virtual/physical server environment, IT managers must take an
application-centric approach to management and optimization, and they can
achieve that with next-generation Application Service Management (ASM)
tools.

With applications abstracted from the physical server hosting the virtual
machine (VM), support organizations must determine where an application is
bogging down. However, many do not have the visibility necessary to monitor
what or how their applications are doing on the VMs. They can measure and
report symptoms but cannot diagnose the cause.

The typical siloed approach to problem identification focuses on the VM, the
server or the network. This fails to show where the application goes and the
shape of its infrastructure (virtual, physical or both), and only provides a
fraction of the performance details required for effective problem solving.
Because virtualization breaks the one-to-one relationship of
server-to-application, you can no longer solely rely on machine performance
indicators to determine the health of your apps.

Application dependencies must be mapped and monitored across servers and
operating systems throughout the enterprise. With the proper ASM tools to
visualize interdependencies down to the process level, application owners
and IT support teams can keep complex applications performing well. This
approach relies on the following application-specific data for effective
problem triage and resolution: application structure and dependencies;
response times; specific resources used; bytes sent and received; and
processes maintained, dropped or stalled.

Only by following the application service level, with insight into health
and performance at each hop along the dependency chain, can application
support dive into the server stack to determine if there are bad
connections, an overloaded VM, server-hosting conflicts or any number of
server-related issues.

Consider this example: A company virtualized much of its data center and
suddenly a user’s application became non-responsive. After two days of work,
application support realized a server the application depended on had been
converted to a VM, yet the application was still making calls to the
original physical machine.

An application-centric ASM approach would have mapped shifting application
relationships as they migrated to a virtual infrastructure, and saved days
and thousands of dollars in downtime and diagnostics.

Physical-to-virtual (P2V) projects

The application-centric approach also becomes an imperative as dynamic data
centers change the shape of the application ecosystem. For example,
virtualization can add a processing strain by offloading network I/O, which
goes beyond simply stacking too many VMs on top of a host server.
Virtualization causes network I/O — and often storage I/O — to be handled
multiple times by the same CPU complex. This generates new CPU overhead
directly associated with I/O functions.

As the number of transactions and dependencies involved in that environment
grow, applications do not scale as simply as one might expect. Applications
and infrastructure teams need to do their homework on application I/O to
prepare for increased CPU utilization in advance of a P2V conversion. They
need tools that can monitor these issues in real time as their VM
environments change.

With an application-centric ASM approach, processes can be seen, VM changes
can be monitored, and detailed performance data is available for every
connection so application visibility is maintained.

Lack of application visibility in virtualized environments has caused some
organizations to throw more resources at performance issues, exacerbating
the problem. Take this example: To address application downtime, IT staff at
a leading software provider were delivering more capacity and provisioning
more VMs to keep things running. However, they soon overprovisioned their
users and wasted resources, which negated the benefits of all their previous
virtualization efforts.

The solution? By using tools that provide visibility into applications as
they reside on virtual servers, support teams followed the service level
across the infrastructure, drilling into the server stack to isolate
problems and eliminate the need for additional resources, ultimately meeting
user requirements while optimizing their resource pool.

Today, ASM tools are capable of providing access to real application data
for virtualized environments vs. modeled data. This gives application owners
the confidence to virtualize complex applications.

These solutions use intelligent data collectors to passively collect data by
monitoring the application request layers. This data helps administrators
understand application performance and track its movement in order to detect
potential bottlenecks and failures.

ASM tools provide application support and infrastructure owners the
visibility to manage the performance and availability of applications
deployed in virtualized data centers. The ASM approach includes three
critical elements:

• Application discovery and mapping: Discovery and mapping of application
connections, processes and interdependencies, allowing for visibility into
both physical and virtual environments.

• Service-level health measurement: Service-level performance intelligence
detailing connections, usage and application access times, depicting the
relative health of complex applications.

• Triage of application and server problems: Performance indicators
highlight areas of concern, showing where to focus efforts to solve problems
and optimize the IT environment.

Because ASM stresses a business-centric approach, application support and
infrastructure owners can align service-level objectives with overarching
business priorities. This application-centric approach helps clarify goals
across organizations and improves responsiveness.

As a result, application and infrastructure support can focus on the
availability, performance and mutually defined parameters of business
processes, as well as specify the processes through service-level
agreements. Essentially, ASM gives IT teams a common language to share
objectives and provides visibility into application performance and
availability, allowing them to control and improve service delivery to the
customer.

Nyman  is  co-founder  and  COO  of  BlueStripe 
Software. 


This vendor-written tech primer has been edited by Network World to
eliminate product promotion, but readers should note it will likely favor
the submitter's approach.
Building a wiki with TiddlyWiki

GEARHEAD

Mark Gibbs

Last week I started to review an amazing personal wiki, TiddlyWiki, and
explained you can get started by downloading an empty version (a barebones
copy of TiddlyWiki without content) from the TiddlyWiki download page. Once
you have saved your TiddlyWiki locally you can load it into your browser and
add, delete or modify its contents, change its appearance and behavior, add
plugins that extend TiddlyWiki even further, import content from online
TiddlyWikis ... there is, as I hope you are starting to see, a lot to this
system.

An alternative to storing TiddlyWiki locally is to create a free account on
TiddlyWiki’s TiddlySpot hosting server. The server is very clever and
incredibly useful. When you sign up you specify a subdomain under
tiddlyspot.com for your TiddlyWiki (for example, I created a Gearhead
TiddlyWiki) and then you choose which TiddlyWiki variant to use.

The choices offered by TiddlySpot include: the standard version of
TiddlyWiki; MPTW, which stands for MonkeyPirateTiddlyWiki (“a distribution
... of TiddlyWiki that includes a standard TiddlyWiki core packaged
with some plugins designed to improve usability and provide a
better way to organise your information”); MonkeyGTD, a Getting Things
Done version of MPTW (I discussed GTD briefly last week); and d3
(which stands for “do it, delegate it, or defer it”).

With TiddlySpot you can make your TiddlyWiki public or keep it private;
access and modify it online as well as download it; and make
changes offline and upload the revised version when you’re next online.
In many ways TiddlySpot is the best choice for using a TiddlyWiki as it
gives you excellent portability, accessibility from any computer, and
makes it very easy to share.

Before we get into how to use a TiddlyWiki I have to explain “tiddlers”:
These are the equivalent of “articles” or “pages” in other wiki systems. The
developers refer to these as micro-content (which I guess makes
Twitter’s “tweets” nano-content).

So, let’s look at how TiddlyWiki works its magic: When you first load an
empty copy of the standard TiddlyWiki distribution you’ll see a top banner,
a menu of tiddlers on the left with a single entry named
“GettingStarted”, a menu on the right that lets you do things such as create
tiddlers and journals and save changes to the wiki, and an area in the middle
below the top banner where the content of the GettingStarted tiddler
is displayed.

You’ll notice your TiddlyWiki is called “My TiddlyWiki” and it is subtitled
“a reusable non-linear personal web notebook”. You’ll also notice that to
the top right of all tiddlers is a menu. This tiddler menu gives you the
option to close the tiddler, close any other tiddlers that may be open
(none currently are), edit the tiddler, and other things we’ll discuss later.

The GettingStarted tiddler is a special type of tiddler — a “shadow
tiddler” that stores system settings (you can access any of the shadow
tiddlers through “Shadowed” under the “More” tab in the menu at the bottom
of the column to the right).

If you click on “edit” in a tiddler menu the layout of the tiddler will
change and you’ll see three editable fields; the top field is the name of
the tiddler, the middle one is its content, and the bottom field is for tags.
So, you’ll click on the SiteTitle link in the body of GettingStarted and then
click on edit in the tiddler menu. Now you can change the text in the
content field of SiteTitle to whatever you want to call your TiddlyWiki.
You then click on Done in the tiddler menu and voila! The name of your
TiddlyWiki will have changed. Now click on “save changes” in the right
hand menu and the change is permanent.

Next  week,  more  cowbell,  er, TiddlyWiki. 

Gibbs  has  modified  his  tiddlers  in  Ventura,  Calif.  Tell  him  about  your  edits 
at  gearhead@gibbs.com. 


BlackBerry  gets  thin  with  the  8900 


Keith  Shaw 


COOLTOOLS


The  scoop:  BlackBerry 
Curve  8900,  with  T-Mobile 
service,  about  $200  (after 
$100  rebate,  with  two-year 
contract,  plus  at  least  $15 
monthly  service  plan). 

What it is: The newest BlackBerry device from
Research in Motion is
active on T-Mobile’s quad-band EDGE network,
which provides worldwide coverage, and is the
“thinnest and lightest” BlackBerry device. Along
with the regular push e-mail features seen on
every other BlackBerry, the 8900 includes a 2.4-inch
display (480 by 360 pixels), built-in GPS and
Wi-Fi, an expandable memory slot (as much as
16GB supported via microSD/SDHC), an
advanced multimedia player with streaming
video support, and a 3.2 megapixel digital camera
(plus video recording features).

Why  it’s  cool:  The  8900  is  UMA-enabled,  which 
allows  users  to  make  phone  calls  over  a  Wi-Fi 
connection.  That  makes  sense,  because  some 
users  may  feel  that  the  EDGE  network  coverage 
and  speeds  are  not  as  comprehensive  as  those 
from  other  carriers  (such  as  the  HSDPA  network 
from  AT&T  or  EV-DO  networks  from  Sprint  and 
Verizon). Using Wi-Fi for voice calls for users at home is part of
T-Mobile’s strategy, so it makes sense to see UMA on this device.

The “thin and light” part of the 8900 is noticeable — the device feels
a lot less bulky than other BlackBerries that feature the full
QWERTY-style keypad. It doesn’t feel like anything was compromised
in order to make the device lighter —
the screen is still big enough and the trackball
navigation is the same as other devices.

The BlackBerry Curve 8900 is
the thinnest and lightest
BlackBerry ever.

The system also comes with a new Charging
Pod, which lets users place their device on their
desktop to recharge via the power cable (it will
also recharge via the regular USB cable). The battery
life was pretty good — I was able to run for
about three days of moderate data usage before
I noticed that the device needed a recharge.

The testing unit came with some very cool applications
for the BlackBerry as well, including SlingPlayer
Mobile (connect to a Slingbox to watch TV
over the network), and FlyCast (listen to streaming
audio and Internet radio stations over the network).
Those applications worked best when connected
via Wi-Fi, however.

Some caveats: The biggest issue for most users
will be the EDGE network access from T-Mobile.
The carrier has attempted to alleviate this by including
the UMA option for connecting via Wi-Fi,
but if users don’t have access to a Wi-Fi network
a majority of the time (for example, I could only
access Wi-Fi via my home, at work I would have
to rely on EDGE), the benefits become a non-issue.
But for users with good Wi-Fi coverage, this
is a solid BlackBerry (and lighter, too!).

Grade:  ★★★★  (out  of  five). 


Shaw  can  be  reached  at  kshaw@nww.com. 
more than 200 file folders containing data that
could lead to identity theft. Rather than shred
the documents, someone had opted to toss
them in the bin, showing a complete and stunning
lack of common sense.

And the state of New Hampshire’s Department
of Health and Human Services accidentally
exposed the personal health information
of more than 9,000 people in December when
someone mistakenly attached a file containing
the data to an e-mail sent to 61 healthcare
providers and other organizations.

The attachment contained names, addresses,
Medicare Part D plan information,
Social Security numbers and the amount of
each person’s monthly premiums — all data
supposedly protected under the Healthcare
Insurance Portability and Accountability Act
(HIPAA) regulations.


DISCLOSURE LAWS PROVIDE A GOLD MINE
OF INFORMATION ON THE CAUSES OF DATA BREACHES
AND WAYS TO AVOID A COSTLY INCIDENT


Breach  blog  bonanza 

Until about six years ago, we rarely heard
anything about harmful data breaches. And
not because there weren’t any — organizations
that were hit with embarrassing data
losses kept them secret, or tried to.

That all changed in 2003, when California
enacted a disclosure law requiring entities that
had suffered a data breach to notify the individuals
whose information could have been
exposed or compromised. Since then, 42 more
states have adopted similar legislation.

The  fear  of  public  humiliation  clearly  has  not 



Somebody was siphoning customer financial data from a gas
station/convenience store chain.
The perpetrator covered his tracks so well that the
company that owned the stores didn’t even know it had a
data breach until customers began complaining about experiencing
fraud just days after using a credit card or writing a
check at one of the stores.

Verizon’s Business Investigative Response team was called in
to try to unravel the mystery and track down the hacker. The
team, led by managing principal Bryan Sartin, took forensic
images of the systems at several store locations and did an
in-depth analysis of the information.

Subtle clues in the data pointed to the point-of-sale vendor that
processed payments. In fact, the thief turned out to be an employee
of the POS vendor. The hacker had cleverly devised a way to
capture a customer’s personal financial data at the time of a
sale, remove the data from the server, cover his tracks,
then sell the information to other criminals.

He didn’t cover his tracks well enough, however.

of  technical  expertise.  In  many  cases,  the 
causes  that  contribute  to  data  breaches  are 
so  simple  that  you  wonder  how  the  incidents 

For example, in early December 2008, paperwork
containing the personal and financial information
of a mortgage company’s customers was
found in an office recycling bin in Florida. There were

resulted in a decrease in data breaches. Quite
the opposite. More than 162 million records
were reported lost or stolen in 2007 — a 330%
increase over the reported 49 million records
of 2006.

These disclosures have provided a treasure
trove of information, however, which a number
of groups have used to analyze data
breaches and their causes. These data-breach
sleuths include the Verizon Business RISK
Team; the Open Security Foundation, which
posts the DataLossDB database of breaches;
and FRSecure CEO Evan Francen, whose blog
(The Breach Blog) highlighted the Florida
and New Hampshire cases.

Can  you  hack  me  now? 

The Verizon Business RISK Team conducted
more than 500 forensic investigations of security
lapses and data breaches over the past
few years, many involving suspected criminal
behavior. The lessons learned in the Verizon
report can help you determine where to
focus your mitigation resources. Here are
some of the key findings:

•  Nearly  three-quarters  of  the  breaches 
investigated  by  Verizon  were  instigated  by 
external  sources. 

•  Just  18%  of  the  breaches  were  caused  by 
insiders,  but  the  insider  incidences  were 
much  larger  in  terms  of  the  amount  of  data 
compromised. 

• Over the years, the investigators observed
a sharp increase in breaches originating
through the assets of trusted business partners.
This doesn’t necessarily imply that the
partners are stealing data; rather, their entry
points into the victim’s computer may be
compromised, allowing hackers to usurp
trusted connections and accounts. This tells
us that a stronger defense needs to be built
around the data, not just around the network
perimeter.

• Data breaches often result from a combination
of events rather than a single action. In
a majority of the cases that Verizon analyzed,
some sort of significant error contributed to
the breach; for example, misconfiguring software
or a device, thus allowing exploitation
of the error.

• In many cases, the forensic experts determined
that a hacker exploited a known vulnerability
for which there was a patch available
— but never deployed — for up to a year
before the breach. To build a better shield,
organizations need a formal program for
patch management, configuration management
and change management.

• The Verizon investigators observed the
breaches had some commonalities. For
instance, 66% involved data that the organization
didn’t even know was on the system.

• Three-quarters of the attacks weren’t discovered
by the victimized company; often,
law enforcement agencies or individual victims
pointed out the problem.

• In most cases, the attacks were not particularly
sophisticated and would likely have
been prevented if basic security controls had
been in place.

These last two observations are significant,
because they tell us that a comprehensive
and well-executed security plan should prevent
most breaches.

The nature of criminal attacks is changing
— and not for the better, Verizon’s Sartin says.
“Cybercriminals have become much more
sophisticated in the last decade,” he says. “At
first we saw directed attacks against specific
companies that processed lots of sensitive
data — banks, [automated teller machine]
operators, data-processing companies. Then
we observed a shift toward fully random
attacks using botnets, SQL injections, authentication
bypass and scans for vulnerabilities.
Just recently, the criminals have shifted techniques
again to pursue softer targets like data
in transit or in the computer’s running memory
because it’s not encrypted.”

“People think data security is an IT issue,
but it’s really a business issue,” FRSecure’s
Francen adds. “People want to fit this thing
called ‘data security’ into a box and be done
with it. Instead, companies need to take a
holistic and continuous approach to protecting
data, starting at the top. It needs to be tied
to a CEO’s responsibilities. It’s really about the
preservation of business assets.”

In his work as a security consultant,
Francen often encounters people who
equate “compliance” with “information security.”
“Companies spend lots of money on
compliance issues and make the assumption
that if they comply with regulations [such as
the Sarbanes-Oxley Act, HIPAA and Payment
Card Industry (PCI) Data Security Standard],
their data is secure,” he says. “Those regulations
are a good start, but they don’t mean
data is secure. Your computer systems can be
100% compliant, but you can still have a data
breach.”

Francen points to the 2008 breach of the
Hannaford Bros. grocery chain. The company had
passed a recent PCI DSS audit but still experienced
the theft of consumer credit and debit card numbers.
The same was true with the recent Heartland
Payment Systems breach.

Measures  you  can  take 

Data security goes beyond the use of technology,
the experts say. Nevertheless, there are
numerous tools and techniques that IT professionals
can use to improve their organization’s
data security stance.

• Data encryption. Sensitive information
should be encrypted when it is at rest and in
motion. One of the top causes of data breaches
is lost or stolen laptops or other portable
media such as USB flash drives, Francen says.
Simply encrypting the data on these devices
can vastly reduce the risk of exposure.

•  Patching.  All  software  and  hardware 
devices  need  security  updates  from  time  to 
time.  IT  organizations  must  have  a  formal 
patch  management  program.  According  to 
Verizon,  patches  were  available  for  90%  of 
known  vulnerabilities  exploited  in  an  attack 
for  at  least  six  months  before  the  breach,  but 
the  patches  had  not  been  applied. 

• Configuration and change management.
Misconfiguration of hardware and software is
a leading factor in data breaches, according
to Verizon. Last December, a misconfigured
network allowed inmates of the Plymouth
County Correctional Facility in Massachusetts
to go beyond using the network for legal
research, to accessing personal information
about the facility’s employees. Even worse, a
former inmate is accused of hacking the system
to cause the misconfiguration.

• Event logs. In the Verizon investigations,
evidence of events leading to as much as 82%
of data breaches was available to the organization
before the actual compromise. The
event logs tell a story — all you have to do is
read it.

• Network perimeter defense. Although the
traditional notion of a “perimeter” is always
shifting, defending the edges of the network
is still critically important. Intrusion-detection
and prevention is like the canary in the coal
mine — it’s the first warning sign that something
isn’t right.

• Antivirus and antimalware applications.
It’s believed that the Hannaford breach was
enabled by a malware application planted
on the chain’s payment processing servers.
Numerous tools are available to help prevent
the ingestion and spread of harmful software
programs.

• Third-party connections. Third-party
assets increasingly are used to launch
attacks, Verizon research indicates. Security
experts recommend isolating third-party connections
to limit what these “inside outsiders”
can do.

Preventing breaches can seem like a daunting
task. The Verizon Business RISK Team
reminds us to “achieve ‘essential’ and then
worry about ‘excellent’.” A key recommendation
from these experts is to identify a set of
basic controls and ensure their implementation
across the organization without exception,
then move on to more advanced controls
where needed. Such a strategy will
address the accidental breaches, such as lost
laptops, as well as the intentional attacks
from hackers and cybercriminals.

Musthaler is a principal analyst at Essential
Solutions Corporation. She can be reached at
lmusthaler@essential-iws.com.
CLEAR CHOICE TEST


UNIFIED  COMMUNICATIONS 


NEC  hits  mobile  worker  sweet  spot 

NEC  delivers  slick,  unified  view  of  all  communications  out  to  mobile  clients 


BY  ROBERT  SMITHERS  AND  MARTIN  MILNER,  NETWORK  WORLD 
LAB  ALLIANCE 

NEC’s Univerge Unified Communications Solution package marks
the intersection of the stylish endpoints coveted by mobile
workers with the high level of performance that comes from the
company’s long history in telephony.

In this Clear Choice Test — one in a series of tests conducted using the
same test methodology, which has included products from Avaya and
3Com (www.nwdocfinder.com/8622) — NEC’s UC platform showed
itself to be well fashioned (because of the sleek appearance of its endpoints),
well designed, feature-packed, secure and resilient.

This hands-on evaluation included samples of NEC’s top-of-the-line
UC endpoints (almost a dozen in total) including hard phones and
softphone clients. These clients were connected to redundantly deployed
SV7000 IP PBX communications servers running a hardened version of
Windows 2003 Server.

The SV7000 servers, which handle call routing and provide basic PBX
telephony, came bundled with NEC’s SV7000T (Call Telephony server)
and SV7000S (Session Initiation Protocol [SIP] Server) software. The
underlying servers support SIP trunks, are XML and Java compliant,
scale from 300 to 6,000 ports for IP terminals, and work with Lightweight
Directory Access Protocol (LDAP)-based directory services for secure
user access. Presence intelligence is supplied by NEC’s OW5000
Presence Engine, which maintains records of users’ communication
availability and device preferences.

Performance:  Very  strong 

We verified NEC’s advertised traffic load-handling, voice-quality statistics
and other traditional IP PBX-type tests for the SV7000 as the core
communication platform. The product satisfied our base-level performance
metrics for a modern IP PBX, achieving 32,369 busy-hour calls
with 1,000-user loads without dropping any calls. For load testing, a
combination of call-generation tools was used, including the Empirix
Hammer, which sent calls directly to the UC system (see “How we did
it” at www.nwdocfinder.com/8521).

The SV7000 achieved voice-quality mean opinion scores (MOS) of 4.4
or higher (out of 5) even when alternating between H.323 and SIP calls.
NEC’s excellent voice quality was confirmed by ClearSight Networks’
Analyzer and Touchstone Technologies’ WinSIP.

A second load test we conducted — one that stressed the underlying
IP-PBX performance and the system’s ability to track user presence
changes — required a multi-session version of NEC’s UC700 softphone
application that ran on several workstations. Three hundred virtual sessions
were created on each of five servers and 150 each on 17 workstations,
making available a maximum of 4050 sessions. We observed that
without server performance degradation we were able to support a
total of 3883 virtual sessions with the NEC platform, requiring 81% of
CPU utilization and 2GB of memory of the SQL database server running
inside the OW5000 presence server.

Endpoints:  Slick 

NEC has a consolidated message-center interface — used on all of its
supported endpoints — which clearly showed all voice messages,
e-mails, instant messages and faxes received in all of our testing. Menus
on the various devices were nearly identical, and endpoints showed
user presence information and changes in the same way.

The hardware endpoints have the same basic set of features including
display colors, the number of soft and hard keys, menu-driven functions
and presence indicators. Advanced features include video communications,
XML-based Web browser applications and touchscreens.


NETRESULTS

Product: Univerge Unified Communications

Vendor: NEC Unified Solutions, www.necunified.com/main/

Price: $80,000 as tested.

Pros: Offers excellent touchscreen on hard phone;
mobility client offers full UC functions; management
and monitoring are service-provider grade;
strong performance, especially for UC functions
and scalability.

Cons: Enterprise video still being developed; resiliency
is functional but not integral to solution;
heavily dependent on Microsoft SQL for presence
features.

Score: 4.05


SCORECARD

Category                      Weight   Score
Features and functionality    25%      4.5
Integration                   25%      3.7
Reliability                   12.5%    3.5
Management and monitoring     12.5%    4.2
Security                      12.5%    3.8
Performance                   12.5%    4.5
Total score                            4.05

Scoring key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average;
1: Subpar or not available.


Components tested included the top-of-the-line, SIP-compliant DT750
hard phone. It offers an LCD color display, touchscreen and Open XML
interface, and is Bluetooth compatible. The Open XML interface enables
companies to create a customized look-and-feel on a browser-like display.
We tried to disable the DT750s by sending denial-of-service (DoS)
attacks at them, as well as using other methods, but we could not cause
the NEC endpoints to malfunction.

The MC530 Mobile Client uses Windows Mobile 6, which provides its
touchscreen features and offers one-touch access to IM, voice mail, contacts
lists and Bluetooth wireless functions. We found no glitches when
testing the touchscreen, click-to-dial or clipboard dialing capabilities.
Joining audio- and Web conferences was a seamless process.

The MC530 client provided accurate and reliable presence information.
When changing a test user’s status to “available,” only 1.5 seconds
was needed to propagate that information to the UC700 softphone,
DT700-series hard phones and the UA5200 attendant console. The NEC
endpoints consistently signify presence status: red for unavailable,
yellow for possibly available and green for available.

The DTerm SP30 softphone — NEC’s first softphone designed for lower
system requirements — offers basic dialing features and provides a
window into all UC functions except presence, but the UC700 is a broader,
enterprise-class client/server softphone that provides full presence
capability and VIP call-routing. It closely integrates with the MC530 client,
which we tested on Research In Motion’s BlackBerry 8700 and
BlackBerry Curve 8300, and the Windows-Mobile-based HTC TyTN
smartphone.

We  found  that  with  the  UC700  mobile  client,  we  had  the  same  UC 
experience  as  users  sitting  at  a  desk  in  the  office.  The  mobile  client 
offered  good,  responsive  presence  displays  and  correctly  identified  the 
availability  of  the  wireless  network  with  a  GUI  indicator  showing  the 
type  of  network  connection  (cellular  or  Wi-Fi). 

The UC700 worked well with the Microsoft components in our test
bed, updating its presence with Microsoft Outlook calendar information
and obtaining the latest contact information for communications
purposes. It also offered good-quality video without reduction in crispness
or clarity with 800-by-600-pixel resolution. The audio was synchronized
with the video, enabling users to see the status of their contacts
and to determine quickly which communication method (phone,
mobile, voice mail, e-mail or fax) was fastest. Presence is streamlined by
setting contact rules that can be modified for different contacts. Once
set, a contact rule can be left as is or changed on the fly. Calls are then
routed by the underlying NEC servers based on caller ID, user status and
Microsoft Outlook schedule information.

NEC also offers a well designed, proprietary IM application embedded
in its MC530 client. Instant messages can be sent and received without
exiting the application. The mobile screen showed the same menu
as the desk phones and the PC-based softphones. We can verify that the
UC client uses its IM application to send instant messages to the
Microsoft IM program. Text and video messages were sent from one
client endpoint to another. Presence information and the contact list were
available throughout the endpoints.

An optional software-feature plug-in for Microsoft Outlook 2007
allows Outlook to process voice-mail messages and redirect them to
a handset, or listen to them from a PC. Messages can be recorded via
the PC or a phone. This feature is easy to use and is integrated cleanly
with the Outlook client interface and the underlying NEC UC
voice-mail programs.

The NEC UA5200 can best be described as a next-generation attendant
console. The console user has access not only to all incoming-call
information but also to presence information for the called party. With
only two clicks, an incoming call can be forwarded to the recipient,
alternate numbers or voice mail. For security purposes, it records threat
calls with a single click and includes both the voice message and such
details as caller ID, if available, time and length. If customer records are
kept on the UA5200, private call information can be sorted and identified
with color codes, with access subject to confidentiality rules.

Reliability:  No  sweat 

Our reliability testing taxed both servers and endpoints, exercising
available failover capabilities by disconnecting network links and, in
some cases, interrupting power. When we unplugged the power (one by
one) to the redundant OW5000s, access to the underlying SQL database
on which presence propagation relies was retained.

The UM8500 voice-mail servers are configured in a secure Microsoft
Cluster environment, which combines multiple virtual servers onto one
or more physical servers; all can be managed from the Web-based
MA4000 Management System application. In this instance the Microsoft
Exchange Server 2007 and Active Voice servers were combined into virtual
servers hosted on the physical UM8500.

A voice mail sent to an extension attached to the redundant server
was available with no delay of the message, even after the first cluster
(OH1) containing the active server was disconnected from the network.
Full voice-mail options remained available during the server
takeover process. There was a slight delay when Cluster OH1 became
active and Cluster OH2 was disconnected. Voice mail logon was available
after 1 minute, but the voice mail message was available after
about 2 minutes. Voice mail was available through the failure of the
Exchange Server.

NEC's unified communications platform should appeal to
mobile users looking to take advantage of stylish new
devices as it pushes a uniform view of messaging services
out to a wide range of mobility gadgets.

System  oversight:  Excellent 

NEC provides a number of stand-alone applications that can manage
individual components of the UC system, but all components can also
be managed from a centralized location using the MA4000 application.
Residing on its own server, the MA4000 provides a single point of
administration and a single point of entry for IP PBX communications,
voice mail, corporate directory, call accounting and E911 service.

Because it’s accessible by network administrators and users who have
permission to use various components in delegated management scenarios,
the MA4000’s GUI has been designed to simplify management
tasks for IT technicians and managers. Drop-down lists simplify terminal
provisioning, and move-add-change tasks are handled with a wizardlike
interface. One thing we really liked was its consistent look and feel for
users and administrators.

Powerful tools simplify and expedite station programming and renumbering.
For example, large groups of devices can be deployed, and mass
configuration changes can be applied with the MA4000’s range-programming
tool.

Its real-time monitoring tool determines the status of each station and
collects VoIP and network traffic statistics from the SV7000 servers. This
data can be used for capacity planning and for setting up threshold-based
alerts. For mass deployments, comma-separated-values files also could be
used.

The MA4000 also offers proactive fault management that is designed
to prevent network problems before they can take hold. Potential fault
details are collected from all IP-PBX and network applications in real
time with SNMP traps. These are categorized by type, severity, source and
even description. The MA4000 then generates notices for each type of
determined fault.

As secure as it is powerful, the MA4000 works with LDAP-based Active
Directory authentication methods, providing a single point of
authentication for administrators and users. For security purposes, user
and administrator management interactions are encrypted.

The MA4000 also offers certain types of intrusion detection, toll-fraud
protection and a full audit history. It can raise an alarm and log
information when it detects unauthorized access. For example, it tracks
multiple incorrect attempts to enter a password, and can send an alarm if
there is an attempt to “hack” voice mail. We really liked that the alarm
“pages” list possible causes for a flagged event. The administrator no
longer needs a book of codes with their significance.

System  security:  Solid 

Based on tests in which we assessed the vulnerability of the major UC
components in the NEC offering using a variety of load and
threat-generation tools, we can say the system is highly reliable and
secure. Server failover mechanisms responded quickly to deliberate network
and power disconnections, and seamlessly maintained calls in progress. We
attempted several attacks, which are discussed below, and the SIP server
shrugged off our attempts to breach its security.

Using ClearSight Analyzer and WinSIP 3.0, we attempted to intercept
and modify traffic to gain ingress to the network. These attempts failed
because of the thick encryption on the server and other UC components.
We also tested the security of the system’s other components, aiming to
make communications fail. We conducted a series of vulnerability scans,
compound attacks, distributed DoS attacks, SIP-torture and other assaults
in an attempt to find security holes.

A Mu Dynamics Mu4000 Service Analyzer was used to comprehensively
test the security offered by the server, combined with our own
proprietary VoIP security-test tool set. With the Mu4000, 2,500,107
anomalies and permutations of attack vulnerabilities were sent using
such protocols as User Datagram Protocol, Address Resolution Protocol,
DHCP, IPv4 and SIP. The hardened SV7000 resisted all attacks, remaining
fully operational.

We conducted two failover tests of the UM8500 IP Messaging component,
the first with a combination of Exchange Server 2007 and Active Voice
(the voice mail component of the UM8500 server) and a subsequent one
with Active Voice alone. Both were tested in a redundant server
configuration using MSCS (Microsoft Cluster Server) Version 1.0, included
in Microsoft Server 2003. We failed the servers in turn, and checked that
redundancy worked as expected, that the inactive server took over the
functions of the failed one and that voice mail was available at the
system’s endpoints.

Conclusion 

In the UC system we tested, we can see NEC’s strength in voice
communications (shown by its strong performance and survivability)
coming together with the necessary components to bring UC to the
masses. The mobility client was superior to that of comparable products
we’ve tested. With its well-laid-out and intuitive interface, the NEC
MC530 Mobile Client offers seamless connectivity and propagation of
presence, is easy to use and offers to the mobile worker virtually all
the communications features that are available in the office.

Smithers is CEO and Milner is a senior analyst with Miercom, an
independent networking equipment testing lab for more than 20 years. They
can be reached at reviews@miercom.com.




■ Miercom is a member of the Network World Lab Alliance, a
cooperative of the premier testers in the network industry, each
bringing to bear years of practical experience on every test. For
more Lab Alliance information, including what it takes to become
a partner, go to www.networkworld.com/alliance.



NEWS  ANALYSIS 


Allen 

continued  from  page  1 

His most recent supercomputer, a cluster of 1,680 machines with four
cores each, is in Hanover, Germany. Essentially it’s a 6,720-CPU core
processor that in the months after it was built was ranked No. 58 in the
world. “We filled our last row of racks recently and we’re No. 79 on
the current top 500 list now,” says Allen, the director of the Max
Planck Institute.

He builds his own for several reasons, including that he thinks he gets
more for his money when he does the work himself.

“If you go to a company — Dell or IBM — and you say ‘I’ve got a
$2 million budget, what can you sell me for that price?’ you’ll come
back with a certain number of CPUs,” he says.

“If you then go and look at Pricewatch or some other place where you
can find out how much the gear really costs, you find out that if you
build something yourself with the same money you’ll end up with two or
three times the processing power.”

“It’s always been my experience that if I do it myself I get
more bang for my buck.”

Bruce Allen

Director, Max Planck Institute

The problem is big-name companies have a lot of overhead comprised of
layers of management and engineering. “They do sell good products, and
you don’t need to have any particular expertise to buy them,” he says.
“It’s always been my experience that if I do it myself I get more bang
for my buck.”

For instance, his first supercomputer was built from a Linux cluster of
48 bargain DEC Alpha Servers that had been discontinued, each with a
single 300-MHz 64-bit AXP processor. “So I got a very good deal on them.
I think the list price was $6,000 and I bought them after they were
end-of-lifed for $800,” Allen says. “The switch was a 3Com Superstack
100Mbps Ethernet switch. I think it was a pair of them, each with 24
ports connected by a matrix cable.”

The servers were housed in a room slightly larger than a closet on
particle board shelves bought at The Home Depot. “It wasn’t even racks
because rack-mounted systems would have raised the price significantly,”
Allen says. The whole thing used about 200 watts of power, and the
university facilities staff had to remove flaps from the air ducts
feeding the room so they could dissipate the heat efficiently enough.

The total cost was about $70,000, which he got from the National Science
Foundation (NSF). The grant was actually for eight high-end Sun
workstations, but he spent it on the Linux cluster instead.

“About a year later I was giving a scientific talk about this, and the
two program managers from the NSF came up to me afterwards,” he says.
“I sort of shamefacedly apologized. I said, ‘Well, I hope you’re not
angry that I went ahead and did this anyway.’

“And they both laughed and said, ‘Well, we’re very very happy. If it
hadn’t been successful, we wouldn’t be saying that.’”

Another benefit of crafting his own is the control it gives. Using a
shared supercomputer creates unwelcome delays, he says. At the Cal Tech
center for supercomputer applications, for example, he had to batch his
jobs and wait two days until it was his turn. Then if he’d made a
one-character error in a submit file, for example, he’d have to redo it
and his job would move to the back of the queue for another two-day wait.

There were many such possibilities for setbacks. “Each of these things
was a little inefficiency factor, maybe .8 or something like that. But
there were six or eight or 10 of these things and all of those factors
of .8; by the time you multiply them all together it was very difficult
to actually get the work done,” he says.

Allen says he has no formal training in building supercomputers. Most of
what he uses is Beowulf open source clustering technology that he felt
his way through. “I don’t think it takes particular expertise,” he says.
“Lots of people have set up Linux networks at home and any of those
people with some money and some need for a compute cluster could build
one, I think.”

The most complicated thing about building a cluster is the networking,
and the trickiest part of that is automating configuration of the boxes.
When he started out on the 48-node cluster in 1998, he did each operation
by hand on each server. “You quickly discover if it takes you five
minutes per computer to do something and you have to do it 48 times an
entire morning or afternoon goes by and what’s more you make mistakes,”
he says.

“So the name of the game is setting up automated systems to do things,
like automated systems for installing operating systems and cloning
machines and so forth. There’s lots of public domain tools out there for
doing that.”

Bruce Allen has built four supercomputers so far. He finds that by doing
it himself, he can save money and has a sense of control of the project.

Allen  says  he  regards  the  supercomputers  as 
a  tool  for  observing  gravitational  waves,  which 
he  regards  as  just  another  tool  for  finding  out 
more  about  the  universe. 

“For example, orbiting pairs of black holes don’t emit any light, no
optical, no radio, no X-rays,” Allen says. “But they do emit
gravitational waves so we’ll be able to study such things by their
gravitational wave emission. And who knows what else we’ll discover?
That’s really our secret hope, that we’ll find something really new.”





International Data Group

Chairman of the Board, Patrick J. McGovern

IDG Communications, Inc.

CEO, Bob Carrigan

Network World is a publication of IDG, the world's largest
publisher of computer-related information and the leading
global provider of information services on information
technology. IDG publishes over 300 computer publications
in 85 countries. One hundred million people read one or
more IDG publications each month. Network World contributes
to the IDG News Service, offering the latest on

Fixing the privacy joke

BACKSPIN

The whole idea of privacy has become a joke. On one hand we have
consumers who will give away their personal details to random Web sites
(as well as to Mrs. Sikiratu Seki Adam, “a widow to Late Saheed Baba
Adams”) at the drop of a virtual hat, and on the other we have businesses
losing personally identifiable information and transaction data with wild
abandon . . . yes, I’m talking about you Heartland Payment Systems.

This widespread carelessness has compromised the privacy of tens of
millions of consumers and businesses. While carelessness is the cause,
what has allowed it to go unchecked are a number of factors: the
Internet making transactions easier and faster; the systems we use on the
Internet (particularly Windows PCs) being as secure as the First Little
Pig’s house of straw; organizations not taking security seriously enough;
naive consumers; and inadequate regulation of the companies that
hold private data.

What  got  me  thinking  about  this  privacy  void  was  a  letter  my  wife 
received  from  Nordstrom  Bank  yesterday.  My  wife  has  a  Nordstrom 
credit  card  and  the  company  sent  us  its  latest  privacy  policy,  again. 

This version was one page of small text that more or less says what
every other privacy notice from financial services companies says. The
policy starts by defining what data is collected, which is more or less
anything and everything they can, and what they want to “share” with
their “affiliates”, which is pretty much anything and everything.

The document outlines what they want to share with “third parties”,
which pretty much means it wants to do deals with all comers; makes
a vague commitment to its provisions for confidentiality and security
(we know there’s a good chance these provisions mean squat); offers
you the option of opting out, and states that even when you are no
longer a customer it still has your data and will treat it just as they
would if you were a customer.

Here’s the problem with policies like these: They favor and protect
the company, not the customer, despite customer protection being the
original reason companies were obliged to create and disseminate
such policies.

Maybe there’s one company out there with a privacy policy that is
less one-sided and favors the customer, but if there is I haven’t seen it.

Here’s what I want to see: a law that defines a uniform privacy policy
that applies to all customers of all companies, that specifically
disallows “sharing” of data with “affiliates” and third parties unless
expressly permitted by the customer. In other words, opt-in rather than
opt-out.

Special provisions in privacy policies would require regulatory
approval and, should a company lose customer data for whatever reason,
it would immediately be prohibited from any kind of data sharing,
even for those customers that (foolishly) agreed to allow it.

These reforms would mean we wouldn’t have to read endless variations
of what is essentially the same policy, gratuitous data sharing
would be vastly reduced (imagine the effort and incentives that
data-owning companies would make to get you to allow them to share your
data) and companies would be far more motivated to be more careful
with data.

We’ve had decades of companies of all kinds calling the shots and
playing fast and loose with our privacy. It’s time the customer got what
is really theirs in the first place: The right to own their privacy,
something that isn’t a joking matter.

Gibbs might be in Ventura, Calif., but you don’t really need to know. If
you want to “share”, send your details to backspin@gibbs.com.


Google execs on trial in Italy over a video

Read that headline again because it boggles the mind (mine, at least):
Italian prosecutors have placed four Google executives on criminal trial
over their roles — which were non-existent — in the posting of a video
that depicted the taunting of a disabled child.

They could get three years in jail. The trial, which started last week,
has been suspended until Feb. 18.

A Google spokeswoman told IDG News Service: “It’s akin to prosecuting
mail service employees for hate speech letters sent in the post. Seeking
to hold neutral platforms liable for content posted on them is a direct
attack on a free, open Internet.”

The matter was first brought to light by the International Association
of Privacy Professionals (IAPP), which notes: “According to Google,
more than 200,000 videos are uploaded to Google Video each day.
Under EU legislation incorporated into Italian law in 2003, Internet
service providers are not responsible for monitoring third-party content
on their sites, but are required to remove content considered offensive
if they receive a complaint about it. Between Nov. 6 and 7, 2006, Google
received two separate requests for the removal of the video — one
from a user, and one from the Italian Interior Ministry, the authority
responsible for investigating Internet-related crimes. Google removed
the video on Nov. 7, 2006, within 24 hours of receiving the requests.”

Yet four Google employees remain in legal jeopardy, their very liberty
on the line. Mind-boggling.

Of course, it’s somewhat difficult for this American to muster too
much indignation over the notion of local authorities exercising
egregiously excessive control over an Internet that they do not control.
We’ve had our fair share here — to cite but two examples — with the
state of Kentucky seizing domain names and the governor of
Massachusetts threatening to jail online poker players (I’ve never
believed he was serious).

Italian  authorities  appear  to  be  serious,  despite  widespread  ridicule 
and  condemnation. 

Might  last  week’s  trial  suspension  signal  a  rethinking  of  the  matter? 
Apparently  not. 

The IAPP quoted an attorney familiar with Italian legal proceedings:
“This is very common. The first one or two days usually involve making
sure everything is fine from a procedural point of view.”

The  only  way  everything  could  be  fine  from  a  procedural  point  of 
view  would  be  if  this  case  ceased  proceeding. 

Kindle’s  a  billion-dollar  business? 

All by itself? In anticipation of Amazon’s expected unveiling of
Kindle 2.0 in New York City today, Citigroup analyst Mark Mahaney last
week created a bit of a buzz with his estimate that sales of the e-reader
could reach $1.2 billion as early as next year. Amazon doesn’t release
such information, but Mahaney noodled his numbers by combining
various strings of publicly available data.

Granted, Kindle has the Oprah Seal of Approval and all, but sales of
that magnitude cannot be attributed to even the most powerful celebrity
endorsement. It’s becoming clear that the e-reader has come of age.

What’s left to be seen is whether Amazon can keep up with demand.
You may recall that back around Thanksgiving I wrote about the item’s
untimely (as in pre-holiday shopping) back-order delay of 11 to 13
weeks. As I type, Amazon’s site says that it is still sold out: “Please
order now to reserve your place in line.”

How  about  making  enough  so  the  line’s  not  too  long?  Is  that  asking 
too  much? 

My e-reader is still buzz@nww.com.


